From 453a5451f20f22cb466b5be58f7d771ca5fa6d25 Mon Sep 17 00:00:00 2001
From: gulining <gulining1@huawei.com>
Date: Fri, 22 Mar 2019 02:23:47 -0400
Subject: [PATCH] backport-CVE-2018-10906.patch

Signed-off-by: gulining <gulining1@huawei.com>
---
 libfuse-fuse-2.9.7/util/fusermount.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/libfuse-fuse-2.9.7/util/fusermount.c b/libfuse-fuse-2.9.7/util/fusermount.c
index d950c5c..e14e7dd 100644
--- a/libfuse-fuse-2.9.7/util/fusermount.c
+++ b/libfuse-fuse-2.9.7/util/fusermount.c
@@ -29,6 +29,7 @@
 #include <sys/socket.h>
 #include <sys/utsname.h>
 #include <sched.h>
+#include <stdbool.h>
 
 #define FUSE_COMMFD_ENV		"_FUSE_COMMFD"
 
@@ -740,8 +741,10 @@ static int do_mount(const char *mnt, char **typep, mode_t rootmode,
 		unsigned len;
 		const char *fsname_str = "fsname=";
 		const char *subtype_str = "subtype=";
+		bool escape_ok = begins_with(s, fsname_str) ||
+						 begins_with(s, subtype_str);
 		for (len = 0; s[len]; len++) {
-			if (s[len] == '\\' && s[len + 1])
+			if (escape_ok && s[len] == '\\' && s[len + 1])
 				len++;
 			else if (s[len] == ',')
 				break;
@@ -795,10 +798,16 @@ static int do_mount(const char *mnt, char **typep, mode_t rootmode,
 						flags |= flag;
 					else
 						flags  &= ~flag;
-				} else {
+			} else if (opt_eq(s, len, "default_permissions") ||
+					   opt_eq(s, len, "allow_other") ||
+					   begins_with(s, "max_read=") ||
+					   begins_with(s, "blksize=")) {
 					memcpy(d, s, len);
 					d += len;
 					*d++ = ',';
+			} else {
+					fprintf(stderr, "%s: unknown option '%.*s'\n", progname, len, s);
+					exit(1);
 				}
 			}
 		}
-- 
1.8.3.1